CMS Emergency Preparedness Ruling

CMS Emergency Preparedness RulingPublished on September 16, 2016 by the Centers for Medicare and Medicaid (CMS), the “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers” Final Rule (81 FR 63860), commonly referred to as the CMS Emergency Preparedness Final Rule, sets requirements for health care providers and suppliers that participate in Medicare and Medicaid to develop enhanced emergency response programs.

The ruling is comprised of four best practice standards: Risk Assessment and Emergency Planning, Policies and Procedures, Communications Planning, and Training and Testing. As as a prerequisite for participation in Medicare and Medicaid, all participant facilities (providers and suppliers) are expected to be in compliance with these requirements by November 15, 2017.

Avalution has studied these new regulations to create services that tightly align with the requirements and help organizations become compliant and increase preparedness. If you’re looking for assistance with achieving compliance, please contact us.

In the meantime, let’s take a closer look at the background and ruling provisions. Continue reading

“…Or High Water”: A Business Continuity Case Study

Water PipeThe Importance of Business Continuity and Leveraging Resource Loss Based Planning

SITUATION
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.

No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone, was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below. Continue reading

Chaos in Cleveland?

ClevelandSETTING THE STAGE

This morning was a non-eventful morning.  I was sitting in my office, sipping on my coffee, and working on my monthly reports. Then, the manager of our office building entered our lobby.

The Michael Brelo case is nearing an end. Closing arguments have been heard and a verdict is expected shortly. The question is, when?

Our building manager was concerned, and rightfully so.

Our office is located directly across the street from the justice center where the case is taking place. Just a couple weeks ago, we sat witness to the riots and devastation in Baltimore, and, from our ongoing monitoring of the situation and media this week, our team is aware that the City of Cleveland is actively bracing for the possible impact and chaos that could result when the verdict is announced. Continue reading

Business Continuity Plans 101

In previous articles, Avalution has espoused the value of using a management systems approach to business continuity and articulated the notion that business continuity is more than just a collection of plan documentation. This approach is reflected in many different standards, including ISO 22301.

Even though business continuity plans represent just one component of a larger business continuity planning effort, they are what guide the organization through all phases of response and recovery following the onset of a disruptive incident – from the initial response and assessment to the eventual return to normal operations. Effective planning is meant to ensure that response and recovery efforts align to the expectations of all interested parties and provide a repeatable approach to minimize downtime.

This perspective explores the different types of business continuity plans that Avalution finds to be the most effective for organizations and examines their purpose within a wider business continuity strategy. Continue reading

Integrating Cyber Security and Business Continuity

The last several years have continued to see an increase in the sophistication and volume of cyber threats, with a 42% increase in targeted attacks in 2012 (as reported by Symantec, in its 2013 Internet Security Threat Report).  The range and types of threats vary greatly as well; in June 2013, InfoSecurity magazine listed the top five specific IT cyber security threats as: data breach, malware, DDoS, mobile threats, and industrialization of fraud – each of which requires a different preventive and response approach.  An Ipsos survey for Lloyds Risk Index 2013 indicated that cyber risk is the third biggest concern for CEOs when assessing organizational threats, jumping nine spots from the previous year’s ranking of 12th.

In most organizations, monitoring and response has continued to develop and mature within IT to proactively address vulnerabilities.  That said, there may be opportunities to better integrate IT’s response to such illicit activity with the organization’s business continuity program and structure, so that if an event does occur, the organization ensures a timely and coordinated response.  After all, cyber security incidents can have business continuity implications and impacts that extend far beyond IT. Continue reading

How to Establish an Early Warning System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network. Continue reading

Crisis Communications: An Organizational Balancing Act

For an organization experiencing a crisis, the ever-persistent nature of our 24/7 global society means that impacts extend well beyond the location of the crisis. Organizations that successfully manage and respond to disruptive events do so because they are able to balance the operational activities associated with the disruptive event while concurrently managing the expectations of stakeholders and the general public. Organizations are able to accomplish the task of managing stakeholder and public expectations through effective, accurate, and timely communications. Continue reading

Crisis Management Team Leadership Success: A Combination of Natural Abilities and Learned Skills

Your organization has spent considerable resources preparing for disruptive events, and now a crisis is looming. Plans are in place, detailing assigned roles and responsibilities that involve crisis leadership, as well as response and recovery procedural execution. But, will your Crisis Management Team Leader be effective? Will your response be successful? Often, one of the most significant key success factors is the choice of crisis leadership. Continue reading

Twitter: Business Continuity in 140 Characters or Less

Social Media PerspectiveWhat do CNN, Dalai Lama, FEMA, and Avalution all have in common? All embrace social media in the form of Twitter to interact with users and share breaking news. Displaying topics ranging from H1N1 and Haiti to the best local cup of coffee, Twitter has created a new baseline for effective and efficient communication. With the ease of use and scalability that social media provides, organizations are looking to understand how social media not only fits into their marketing and branding efforts, but also their business continuity capability.
Continue reading